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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPiRE'3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time nnay be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any { 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )S Responsive to comnnunication(s) filed on 10 June 2003 . 
2a)^ This action is FINAL. 2b)n This action is non-final. 

3) {3 Since this application is In condition for allowance except for formal nnatters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1 and 23-42 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) KI Claim(s) 1 and 23-42 is/are rejected. 

Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: 3)0 accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
11 )□ The proposed drawing correction filed on is: a)n approved b)\Z\ disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)nAII b)n Some*c)n None of: 

1 Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) n Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 
Attachment(s) 

1 ) n Notice of References Cited (PTO-892) 4) O Interview Sunnmary (PTO-413) Paper No(s). . 

2) n Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) O Notice of Infonnal Patent Application (PTO-152) 

3) S Infonnation Disclosure Statement(s) (PTO-1449) Paper No(s) 23.26 . 6) □ Other: 
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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1 and 23-42 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over "Java Card 2.0 Programming Concepts" by SUN. 

As to claim 1, SUN teaches a small footprint device (Java card / smart card) 
comprising: at least one processing element (virtual machine / operating system 
process) (pg. 3, Lifetime of the Virtual Machine) configured to execute groups of 
program modules (applets) in separate contexts (pg. 7, "...applets are isolated from 
each other." Pg. 2, "Each applet is an independent entity with its own state and 
functionality."), objects of a program module (objects instantiated by an applet) 
associated with a particular context (pg. 3, "Every object on the card is owned by the 
applet which instantiated it. The owning applet always has full privileges to use and 
modify the object."); and a context barrier (applet firewall) for separating and isolating 
the contexts (pg. 7, "To create a secure and trusted environment, applets are isolated 
from each other. An applet firewall prevents one applet from accessing the contents or 
behavior of objects owned by other applets."), the context barrier configured to control 
object-oriented access of a program module (applet) executing in one context to 
information (object) and/or a program module (applet) executing in another context (pg. 
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2, "However, Java Card provides facilities to support more sophisticated scenarios in 
which multiple applets can discover each other, communicate, and share data in a 
limited manner, while still maintaining protection from each other in the form of a firewall 
between applets."), the context barrier further configured to prevent the access if the 
access is unauthorized (pg. 7, "If an applet does not have sharing privileges for an 
object, any attempt to invoke an instance method or access the object's contents will 
throw a Security Exception...") and enable the access if the access is authorized (via 
Unrestricted Sharing or Restricted Sharing) (pg. 8); and a global data structure (JCRE) 
for permitting one program module (applet) to access information from another program 
module (applet) by bypassing the context barrier (applet firewall) (pg. 7-8, "However, it 
is necessary to allow exceptions to this restriction. The JCRE must be able to invoke 
methods on applets..."; pg. 2, "However, Java Card provides... form of a firewall 
between applets."). However, SUN does not explicitly mention that the device has 
memory and that the context barrier uses the memory. It is well known to one of 
ordinary skill in the art that a device has memory and therefore obvious that the device 
would have memory for storing program modules and other functionalities of the device 
such that the firewall protects these memory regions from being accessed. 

As to claim 32, reference is made to a method that corresponds to the device of 
claim 1 and is therefore met by the rejection of claim 1 above. However, claim 32 
further details the device includes a processing machine wherein the program modules 
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are executed on. It is obvious that the processing element (virtual machine) of claim 1 
is the processing machine of claim 32. 

As to claim 34, refer to claim 1 for rejection. However, claim 34 further details 
the creating of the global data structure. It is obvious to one of ordinary skill in the art 
that since the teachings of SUN have a global data structure that it is created. 

As to claim 35, refer to claim 1 for rejection. However, claim 35 further details 
the steps of creating a global data structure; permitting one program module to write 
information to the global data structure; and having at least one other program module 
read information from the global data structure thereby bypassing the context barrier. 
SUN teaches permitting one program module (applet) to write information (method 
invocation / sending bytes and receiving bytes) to the global data structure (JCRE), and 
having at least one other program module (applet) read information from the global data 
structure thereby bypassing the context barrier (applet firewall) (pg. 2, "However, Java 
Card provides facilities to support more sophisticated scenarios in which multiple 
applets can discover each other, communicate, and share data in a limited manner, 
while still maintaining protection from each other in the form of a firewall between 
applets."; pg. 8, "For method invocation operations, the JCRE remembers the old 
context, and performs an applet context switch to allow the code in the objects applet to 
function correctly and with expected security restrictions."; pg. 14-16). 
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As to claims 36 and 37, reference is made to a computer program product that 
corresponds to the device of claim 1 and is therefore met by the rejection of claim 1 
above. 

As to claims 38 and 39, refer to claims 36 and 37 for rejection. However, claim 
38 further details permitting one program to access information from another program 
by bypassing a context barrier using a global data structure. SUN teaches permitting 
one program module (applet) to access information (method invocation / sending bytes 
and receiving bytes) from another program module (applet) using the global data 
structure (JCRE) (pg. 2, "However, Java Card provides facilities to support more 
sophisticated scenarios in which multiple applets can discover each other, 
communicate, and share data in a limited manner, while still maintaining protection from 
each other in the form of a firewall between applets."; pg. 8, "For method invocation 
operations, the JCRE remembers the old context, and performs an applet context 
switch to allow the code in the object's applet to function correctly and with expected 
security restrictions."; pg. 14-16). 

As to claim 40, reference is made to a computer wave that corresponds to the 
device of claim 1 and is therefore met by the rejection of claim 1 above. 

As to claim 41 , refer to claim 40 for rejection. However, claim 41 further details 
permitting one program to access information from another program using the one 
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global data structure. SUN teaches permitting one program module (applet) to access 
information (method invocation / sending bytes and receiving bytes) from another 
program module (applet) using the global data structure (JCRE) (pg. 2, "However, Java 
Card provides facilities to support more sophisticated scenarios in which multiple 
applets can discover each other, communicate, and share data in a limited manner, 
while still maintaining protection from each other in the form of a firewall between 
applets."; pg. 8, "For method invocation operations, the JCRE remembers the old 
context, and performs an applet context switch to allow the code in the object's applet to 
function correctly and with expected security restrictions."; pg. 14-16). 

As to claim 42, refer to claim 1 for rejection. However, claim 42 further details 
the transmitting of a code over a network wherein the code is instructions for 
implementing a global data structure for bypassing a context barrier. It is obvious that 
the firewall and the JCRE has program code in order to function on the java card 
system. However, SUN does not teach that the code is sent over a communications 
link. It is well known to one of ordinary skill in the art that computer code is downloaded 
from a developer system or server system to an implementation system or client 
system. Therefore, it is obvious to one skilled in the art at the time of the invention that 
the carrier wave code of the firewall and JCRE is shipped or downloaded from a server 
system to a client system to be implemented. 
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As to claims 23-26, SUN teaches that each applet has its own context (Applet 
execution context) (pg. vii, Terminology) and that the applets are separated by an applet 
firewall (pg. 7) and an applet can access another applet and its object by the JCRE (pg. 
7-8). It is well known to one of ordinary skill in the art that an execution context has a 
memory space or name space. Therefore, it is obvious that the applets have their 
separate memory spaces or name spaces for each applets execution. It is also obvious 
that since an applet can access another applet via the JCRE that the multiple applets 
can access one another through the JCRE when allowed. 

As to claims 27-31 , SUN teaches the context barrier (applet firewall) prevents 
access from a principle (applet) in one context to an object in a different context (applet) 
(pg. 7, Applet Isolation and Object Sharing, "An applet firewall prevent one applet from 
accessing the contents or behavior of objects owned by other applets."; pg. 2, Multiple 
Applets, "However, Java Card provides. ..in which multiple applets can discover each 
other, communicate, and share data in a limited manner, while still maintaining 
protection from each other in the form of a firewall between applets."). It is obvious that 
since the context barrier prevents object access to an applet not owning the objects (pg. 
7) that the context barrier enforces a security check on the applet accessing of the 
object. It is also obvious that the security check involves name / memory space 
agreement since the applet can only access objects within its execution context and it is 
well known to one of ordinary skill in the art that an execution context has a memory 
space or name space. 
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As to claims 33, SUN teaches the applet firewall prevents one applet from 
accessing the contents or behavior of objects owned by other applets (pg. 7, Applet 
Isolation and Object Sharing) and that when one applet invokes another applet's 
objects, the JCRE performs applet context switch to allow the code in the objects applet 
to perform the method invocation operation (pg. 8, Applet Isolation and Object Sharing). 
Therefore, it would be obvious that the firewall prevents access from a principal to an 
object unless they are on the same context and unless they access the JCRE for allow 
the access. 

Response to Arguments 

3. Applicant's arguments filed 6/10/03 have been fully considered but they are not 
persuasive. Applicant argues that in regards to all amended claims the cited art does 
not teach or suggest all claim limitations. Applicant states that the invention deals with 
object-based access and states the prior art objects as performing code based access 
as the difference in not teaching or suggest all of the claim limitations. However, the 
examiner cannot find any disclosure within the cited art that the access is code based. 
Sun teaches that applets are objects (pg. 2) and the applet firewall prevents one applet 
from accessing the contents or behavior of objects owned by other applets and that it 
maintains the protection of applets (pg. 2 and 7). Hence, the communication between 
an applet and an object is from one object to another. Futhermore, as detailed by 
Applicant in defining what a class and an object are, objects are themselves object 
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oriented programming code that is structured in a class. Therefore, the objects are 
code-based also. 

Applicant then points out to other limitations in the specification as to showing the 
difference in the prior art to the invention. For instance in the specification at page 1 1 , 
lines 16-20, and the appendix of the application. However, under the M.P.E.P. 2111 
practice, the examiner is giving the broadest possible interpretation in examining the 
claims. Any limitations in the cited portions that are not explicitly detail in the claims as 
written should not be argued since these limitations were never part of the claim. 

Applicant argues that the security checks may use the identity of the principal, 
the identity of the entity, and/or the type of action, but no mention is made of basing the 
security check on the applet code. The examiner disagrees. The examiner has 
assumed that Applicant is basing these arguments to dependent claims 27-31 and 33. 
In reviewing those claims. Applicant indicates that the program modules comprise at 
least one of a principal or an object and the context barrier enforces security checks on 
at least one of a principal, an object, and an action. The examiner has mapped the 
program modules to the applet and since the applet is accessing an object it is a 
principal. The prior art clearly states that the applet firewall ensures that no other applet 
may use, access, or modify the contents of an object owned by another applet except 
as described in this section. Therefore, there must be a security check on either the 
principal or the access action in order for the firewall to allow an applet to access, use, 
or modify the contents of an object. 
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Therefore, since the prior art still meets the claims as disclosed the rejection is 
maintained. 

Conclusion 

4. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a)- 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Lewis A. Bullock, Jr. whose telephone number is (703) 
305-0439. The examiner can normally be reached on Monday-Friday, 8:30 am - 5:00 
pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A Follansbee can be reached on (703) 305-8498. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final 
communications. 
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Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
0286. 
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